Ranion Ransomware

Posted: February 7, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 164

Ranion Ransomware Description

The Ranion Ransomware is a Trojan that extorts payments from PC users by locking their files and then selling them an unlocking service. These attacks can include displaying pop-up alerts, requests for non-refundable currencies like Bitcoins, and changes to the names or extensions of the hostage media. Besides backing up their files to devices the Trojan can't compromise, users can defend their PCs by finding and deleting the Ranion Ransomware with anti-malware programs that have proven efficacy against file-locking threats.

A New Service for Imprisoning Your Files

Ransomware-as-a-Service, or RaaS, is a popular business model among threat actors who want to offload the effort of conducting attacks to others, who take on many of the risks along with much of the work. By providing Trojans like the Ranion Ransomware to third parties, they can profit more or less passively, with little effort beyond advertising their software on underground forums. Although the Ranion Ransomware is a recent discovery, it is also cheap, and this fact could boost its distribution rates over those of more sophisticated competitors.

The Ranion Ransomware and its associated network-distribution features are being 'rented' to con artists for a small upfront price in Bitcoins, without demanding any additional cuts afterward, such as a percentage of the ransoms. The Trojan is Windows-based and, on vulnerable systems, can lock a configurable range of file formats by encrypting them, such as TXT, RTF, BMP, ZIP or PPT. Malware experts have no further information on whether the Trojan implants a marker into the internal data of each file, or on whether the Ranion Ransomware supports modifying file names or extensions.

The Ranion Ransomware's current publicly available releases include image-dropping features in their payloads that provide basic instructions on paying the ransom to buy the file-unlocking decryptor. These images also give a seven-day time limit, although our malware experts can't confirm whether the Trojan enforces any penalties for ignoring it, such as deleting media. Paying the Bitcoin ransom is, as usual, discouraged until you have tested other solutions for recovering your data to the fullest extent.

UPDATE: As of February 2018, there is a 1.08 build of this Trojan. The vast majority of anti-malware products detect the Ranion 1.08 Ransomware as a threat. The Ranion 1.08 Ransomware remains RaaS-based and includes the following new features:

  • The Ranion 1.08 Ransomware employs the traditional function of appending an extension onto the content that it locks and uses '.Ransom' as its tag of choice.
  • The Ranion 1.08 Ransomware double-checks the system's IP address, which could be useful for C&C communication purposes or for identifying that specific machine during the ransoming negotiations.
  • Although the Ranion 1.08 Ransomware keeps the seven-day limit on ransoming your files, it does change the ransom, raising it to a value of 999 USD, still payable in Bitcoins. The threat also provides customized variants of the warning for Italian, Russian, Spanish, English, and other languages.
  • The Ranion 1.08 Ransomware uses fraudulent file details that imply that the installer is Adobe's Acrobat Reader software.

Doing Your Part against a RaaS Trojan's Profitability

The Ranion Ransomware's business model matters to its victims because it makes the Trojan's distribution and installation methods potentially unpredictable. Con artists who pay for it are free to circulate the Ranion Ransomware's executable and install it by whatever method they please, including such vectors as e-mail attachments, exploit kit-based drive-by-downloads, and compromising networks by brute-forcing their login combinations. The symptoms of Ranion Ransomware infections typically will not appear until after the Trojan has already locked all of the files that it can access and encrypt.

Secure, isolated backups are the only perfect solution to Trojan attacks that use encryption, which is sometimes decryptable with freeware but is often impenetrable without the threat actor's help. Keeping anti-malware programs updated and active can help users avoid installing this threat accidentally and should block and remove the Ranion Ransomware before its payload finishes locking media. Other than its use of AES-based cryptography, malware experts can give no data on this threat's locking feature or on whether a third-party program could decrypt it.

The most money for the least effort is usually the driving force behind any file-locking Trojan's attacks. Minding your security procedures and keeping the Ranion Ransomware from turning your locked files into its money is a small but essential step in curtailing the influence of Ransomware-as-a-Service.


Technical Details

File System Modifications


The following files were created in the system:



File name: file.exe
Size: 262.65 KB (262656 bytes)
MD5: 447af103027bb7cfa1c09538b38a6007
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: 7bfe6671f4db73e4953e423c8e296473
Size: 269.31 KB (269312 bytes)
MD5: 7bfe6671f4db73e4953e423c8e296473
Detection count: 52
Group: Malware file
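
The following Python script is an added example, not part of the original write-up or of any vendor tool. It walks a directory tree, flags files carrying the '.Ransom' extension described for the 1.08 build, and compares every other file against the two MD5 values listed above. The function names, the case-insensitive extension match and the sample directory tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter

# Indicators from this page: the 1.08 extension and the two listed MD5 values.
LOCKED_EXTENSION = ".ransom"  # assumption: matched case-insensitively
PAGE_MD5S = {"447af103027bb7cfa1c09538b38a6007", "7bfe6671f4db73e4953e423c8e296473"}

def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root):
    """Return sorted lists: (renamed files, MD5 matches, unreadable files)."""
    locked, matches, unreadable = [], [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(LOCKED_EXTENSION):
                locked.append(path)  # encrypted user data, no need to hash it
                continue
            try:
                if md5_of(path) in PAGE_MD5S:
                    matches.append(path)
            except OSError:
                unreadable.append(path)  # in use or access denied: check by hand
    return sorted(locked), sorted(matches), sorted(unreadable)

def locked_per_folder(locked):
    """Count renamed files per directory to scope what to restore from backup."""
    return dict(Counter(os.path.dirname(path) for path in locked))

def build_sample_tree(root):
    """Constructed sample data: two renamed documents and one untouched file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.rtf.Ransom", "slides.ppt.RANSOM", "notes.txt"):
        with open(os.path.join(docs, name), "wb") as handle:
            handle.write(b"constructed sample content")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

A hit on the extension shows where files were locked; a hit on either MD5 only identifies the two samples listed on this page, so an empty match list does not rule out other builds.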
